Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/L0bhppLWrMSdcNLgGdYJSqSZVkc.roa
File:                     L0bhppLWrMSdcNLgGdYJSqSZVkc.roa (raw, json)
Hash identifier:          reCxur1GjrSqHzTsIc/AouKUuv6D5DZfsF8cL44q+Yc=
Subject key identifier:   2F:46:E1:A6:92:D6:AC:C4:9D:70:D2:E0:19:D6:09:4A:A4:99:56:47
Certificate issuer:       /CN=b209721f4548c26cf362e944a81b1acee7b24b53
Certificate serial:       018CC56DF793763AF1470FCA59C4AF2D5774
Authority key identifier: B2:09:72:1F:45:48:C2:6C:F3:62:E9:44:A8:1B:1A:CE:E7:B2:4B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sglyH0VIwmzzYulEqBsazueyS1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/L0bhppLWrMSdcNLgGdYJSqSZVkc.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5585
IP address blocks:        192.114.62.0/23 maxlen: 24
                          2001:7f8:3b::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/sglyH0VIwmzzYulEqBsazueyS1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/sglyH0VIwmzzYulEqBsazueyS1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sglyH0VIwmzzYulEqBsazueyS1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f7:93:76:3a:f1:47:0f:ca:59:c4:af:2d:57:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b209721f4548c26cf362e944a81b1acee7b24b53
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f46e1a692d6acc49d70d2e019d6094aa4995647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:43:5d:cf:58:57:5c:d1:3d:c3:ef:15:65:ae:
                    05:73:84:ce:ee:f3:cc:da:15:dd:91:4b:b5:fb:6c:
                    1a:0a:9d:ba:dc:2f:0f:14:3b:35:f0:db:ca:fb:02:
                    b0:f9:26:21:6f:20:61:c4:e0:56:d7:9e:73:ff:97:
                    28:15:7d:ee:a5:29:13:15:dd:a1:fc:29:4a:d0:00:
                    a9:0d:01:e1:a1:3d:46:c4:26:18:5b:32:b1:7d:97:
                    02:81:e9:19:5a:05:d9:33:7c:2e:a4:a8:9f:4c:a1:
                    d9:66:c5:b7:ef:d6:c1:30:d2:43:e7:50:c9:db:a1:
                    b5:2d:f0:0d:9b:bb:76:45:63:0f:5c:3b:e1:6e:06:
                    a8:14:c3:2e:0e:de:1b:2c:16:dc:80:7b:b9:32:d5:
                    36:4d:82:e7:90:d0:06:0a:ee:d9:23:d3:f6:a4:5e:
                    99:ef:86:db:d5:ec:99:2b:1e:53:41:23:df:01:c5:
                    5f:27:c7:81:df:9d:42:6d:a6:be:2c:41:38:24:23:
                    9e:65:c4:be:0a:a1:05:19:7b:d9:3d:cf:87:51:e1:
                    77:1d:7f:28:c4:60:1e:8f:46:5c:01:07:72:d1:70:
                    64:2b:36:be:6e:26:3c:e0:c8:1d:29:cc:8b:7e:b6:
                    df:cb:cb:aa:0d:69:ec:64:4b:2c:68:0b:eb:13:4a:
                    99:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:46:E1:A6:92:D6:AC:C4:9D:70:D2:E0:19:D6:09:4A:A4:99:56:47
            X509v3 Authority Key Identifier:
                keyid:B2:09:72:1F:45:48:C2:6C:F3:62:E9:44:A8:1B:1A:CE:E7:B2:4B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sglyH0VIwmzzYulEqBsazueyS1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/L0bhppLWrMSdcNLgGdYJSqSZVkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/a67432-c067-4cdb-b5ad-dba5c1834601/1/sglyH0VIwmzzYulEqBsazueyS1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.114.62.0/23
                IPv6:
                  2001:7f8:3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:fd:83:e9:13:77:c4:68:fb:aa:5c:4b:c0:37:0c:22:4e:71:
         82:72:69:c8:ea:0f:28:46:83:7d:61:74:37:d2:f4:67:2c:23:
         c2:72:92:e9:f4:34:99:56:a6:94:09:d6:f9:9f:e3:ec:86:08:
         ff:45:3d:65:56:e2:72:76:ec:90:9a:07:63:c2:a2:92:28:cd:
         b6:bc:5b:2b:6b:ae:05:57:b5:43:0f:1f:50:d7:b3:c0:b1:d9:
         bb:ee:9b:57:db:4d:75:30:52:6c:f2:80:a2:74:2c:f5:fd:ac:
         0c:7b:dd:3a:7f:b5:be:d6:18:5d:7d:48:37:8d:83:5d:29:6e:
         e0:c4:5a:46:68:47:c5:62:9e:5c:6a:e0:c6:8b:96:5a:73:19:
         e4:5e:22:04:7b:3b:b3:7f:88:70:b5:04:93:ba:35:aa:81:9e:
         e8:07:70:10:b2:4a:42:9f:4f:91:bc:3a:47:e2:af:ad:cb:60:
         7f:a4:ef:e3:f5:7e:99:3b:3d:99:41:81:d5:aa:6d:bb:d2:03:
         e0:84:7f:e6:4f:4d:d9:f1:aa:69:74:d4:23:51:58:fb:d7:d9:
         dc:5c:27:8d:8f:9d:ad:28:b9:80:fa:c6:60:cf:dd:51:83:2d:
         3d:19:78:c4:a4:72:9f:39:d4:95:3d:de:3d:92:c5:e4:7b:00:
         87:0d:9a:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbfeTdjrxRw/KWcSvLVd0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMDk3MjFmNDU0OGMyNmNmMzYyZTk0NGE4MWIxYWNlZTdi
MjRiNTMwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQ2ZTFhNjkyZDZhY2M0OWQ3MGQyZTAxOWQ2MDk0YWE0OTk1NjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0Ndz1hXXNE9w+8VZa4Fc4TO7vPM
2hXdkUu1+2waCp263C8PFDs18NvK+wKw+SYhbyBhxOBW155z/5coFX3upSkTFd2h
/ClK0ACpDQHhoT1GxCYYWzKxfZcCgekZWgXZM3wupKifTKHZZsW379bBMNJD51DJ
26G1LfANm7t2RWMPXDvhbgaoFMMuDt4bLBbcgHu5MtU2TYLnkNAGCu7ZI9P2pF6Z
74bb1eyZKx5TQSPfAcVfJ8eB351Cbaa+LEE4JCOeZcS+CqEFGXvZPc+HUeF3HX8o
xGAej0ZcAQdy0XBkKza+biY84MgdKcyLfrbfy8uqDWnsZEssaAvrE0qZOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC9G4aaS1qzEnXDS4BnWCUqkmVZHMB8GA1UdIwQY
MBaAFLIJch9FSMJs82LpRKgbGs7nsktTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2dseUgwVkl3bXp6WXVsRXFCc2F6dWV5UzFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9hNjc0MzItYzA2Ny00Y2RiLWI1YWQt
ZGJhNWMxODM0NjAxLzEvTDBiaHBwTFdyTVNkY05MZ0dkWUpTcVNaVmtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9hNjc0MzItYzA2Ny00Y2RiLWI1YWQtZGJhNWMxODM0NjAx
LzEvc2dseUgwVkl3bXp6WXVsRXFCc2F6dWV5UzFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwHI+MA8E
AgACMAkDBwAgAQf4ADswDQYJKoZIhvcNAQELBQADggEBAB79g+kTd8Ro+6pcS8A3
DCJOcYJyacjqDyhGg31hdDfS9GcsI8Jykun0NJlWppQJ1vmf4+yGCP9FPWVW4nJ2
7JCaB2PCopIozba8WytrrgVXtUMPH1DXs8Cx2bvum1fbTXUwUmzygKJ0LPX9rAx7
3Tp/tb7WGF19SDeNg10pbuDEWkZoR8Vinlxq4MaLllpzGeReIgR7O7N/iHC1BJO6
NaqBnugHcBCySkKfT5G8Okfir63LYH+k7+P1fpk7PZlBgdWqbbvSA+CEf+ZPTdnx
qml01CNRWPvX2dxcJ42Pna0ouYD6xmDP3VGDLT0ZeMSkcp851JU93j2SxeR7AIcN
mtE=
-----END CERTIFICATE-----